Overview

overview

10

Static

static

6

0845cbc7d6...27.apk

android-9-x86

10

0845cbc7d6...27.apk

android-10-x64

10

Analysis

  • max time kernel
    158s
  • max time network
    151s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    23-02-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0845cbc7d695779678c606be985935229338aa40620f6a64d4e4c5d478163827.apk

  • Size

    4.3MB

  • MD5

    f51a0e997823700f11a8898d909ffae5

  • SHA1

    7ba675d8d0105ff5ee6e101602a3fef105708529

  • SHA256

    0845cbc7d695779678c606be985935229338aa40620f6a64d4e4c5d478163827

  • SHA512

    c7747f1a405773d77741d46c5613ca89d8de5528104b5820fe54d329e5c63bb3e8b954525ff3150f9634db4fb229108ad1eaa64e94d1d844a858499f238b819a

  • SSDEEP

    98304:Uad5I7OiqO3hASdBycfDxa/1/R94XmxUBqazKl1lje+6yprKVoXMY3MlL9xMK:b5I7vqc1DxI1xUFzq1ljHXFIoSlLDMK

Score
10/10
alienbotbankercollectionevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://buuc5x0r7x98fj40mg2x.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 7 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs

Processes

  • co.collection.beyond
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    PID:5117

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/co.collection.beyond/app_DynamicOptDex/oat/rBSwINuWu.json.cur.prof
    Filesize

    482B

    MD5

    09c73ff903b4864b8df803932de70e17

    SHA1

    04e1dcad465665dfb1711842b3f24de059195d32

    SHA256

    a76599914595872554354729489d56e277a87d2e1bc9cdfd9cdf5487119e43a4

    SHA512

    fb50c6d5883a7be4f49322795cb1a919d60a0459db1b03d44ec68b857db862bdd2c680f18b10330c19aa6505fc662cdfb5eb17b667d8f0bacacc975b46beda7b

    Download Submit

  • /data/data/co.collection.beyond/app_DynamicOptDex/rBSwINuWu.json
    Filesize

    704KB

    MD5

    44205558b352a76fae56d0c47627e3e2

    SHA1

    d0c919e67575e8a59617d00e36fef670aed469ed

    SHA256

    6ad4868c68d85272c9fc77795cbb7d61052f1918f3c4716c22189a91505d41e8

    SHA512

    86355822b273a9c1d0fdfd9ad69da5a2e0eefd4dca756441cbb2ecf56b0e617a87399164321d0daadd5894d9f9c11c914317a36556a538091089e02fe897084d

    Download Submit

  • /data/data/co.collection.beyond/app_DynamicOptDex/rBSwINuWu.json
    Filesize

    704KB

    MD5

    4754bc57307c8ad1062cac1adab49992

    SHA1

    aa24f3b13ea26d33a83572662aaa6835acc79dd8

    SHA256

    20f8813ba7c5141338c14fb39949ac52a5c5ef3ea0a779c5059f5f8440c970a8

    SHA512

    7c6db01c827ab90242701c80159d59930790d9709885da29133e467f59ba81296956d78a8238cd95a2009964cb956da1292a2b9a7ed9ecda0d81631ff7f81cb0

    Download Submit

  • /data/user/0/co.collection.beyond/app_DynamicOptDex/rBSwINuWu.json
    Filesize

    192KB

    MD5

    8e04024394dac49181c44b330cfdf074

    SHA1

    3862b6ba03251ab1bc7efeed780b7fe26f92653d

    SHA256

    9895bac38fca3ffb3bec62e79cebb9286c67434c70e5ca44d416e988afc561cd

    SHA512

    a034c3a8edbfcf98e0c9188adc3c9b4013fb7eea81344096d24c1e3f846239f98668f6ea3031cec76cc5e0d30356d5b77e40e9d4dc75e64603eca573abfc4b09

    Download Submit